Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.17 views

Debug Log Manager < 2.3.2 - Unauthenticated Stored Cross-Site Scripting

Description The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.1CVSS6.2AI score0.00333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.15 views

Backup Migration < 1.4.4 - Information Exposure via Log Files

Description The Backup Migration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3 via log files. This makes it possible for unauthenticated attackers to extract potentially sensitive information via log files...

5.3CVSS6.7AI score0.00443EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.12 views

QR Code Composer < 2.0.4 - Subscriber+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

6.5CVSS6.3AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.10 views

Cornerstone < 0.8.1 - Reflected Cross-Site Scripting

Description The Cornerstone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...

7.1CVSS6.3AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.13 views

AI Infographic Maker < 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The AI Infographic Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.25 views

Import Content in WordPress & WooCommerce with Excel < 4.3 - Reflected Cross-Site Scripting

Description The Import Content in WordPress & WooCommerce with Excel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS6.5AI score0.00338EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.18 views

CBX Bookmark & Favorite < 1.7.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The CBX Bookmark & Favorite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.16 views

Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More < 13.2.6 - Reflected Cross-Site Scripting

Description The Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 13.2.5 due to insufficient input sanitization and output...

7.1CVSS6.5AI score0.00394EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.15 views

Netgsm < 2.9.1 - Reflected Cross-Site Scripting

Description The Netgsm plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.5AI score0.00354EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.17 views

Simple Membership < 4.4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpmpaypalsubscriptioncancellink' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

5.4CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.22 views

Active Products Tables for WooCommerce < 1.0.6.3 - Missing Authorization

Description The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getsmth function in all versions up to, and including, 1.0.6.2. This makes it possib...

5.3CVSS7AI score0.00396EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.19 views

Mortgage Calculators WP < 1.60 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Mortgage Calculators WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.13 views

Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below...

5.8AI score0.00741EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.20 views

Seriously Simple Podcasting < 3.1.0 - Reflected Cross-Site Scripting

Description The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS8.6AI score0.00426EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.14 views

EnvíaloSimple: Email Marketing y Newsletters < 2.3 - Reflected Cross-Site Scripting

Description The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.5AI score0.00288EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.19 views

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.16 - Contributor+ Stored Cross-Site Scripting

Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eaelteammembersimagerounded parameter in the Team Members widget in all versions up to, and including, 5.9.15 d...

6.4CVSS5.9AI score0.0048EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.15 views

SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR

Description The plugin lacks proper access controllers and allows a logged in user to view and download files belonging to another user PoC As a logged in user, send a GET request: GET /wp-admin/admin-ajax.php?action=cdmfilelist=3CHANGE HERE=0CHANGE HERE=&=1708406394720 You can view files and...

6.1AI score0.00523EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.20 views

WordPress Automatic Plugin < 3.93.0 Cross-Site Request Forgery

Description The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.92.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...

7.6CVSS6.7AI score0.00232EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.17 views

WP 2FA – Two-factor authentication for WordPress < 2.6.3 - Reflected Cross-Site Scripting

Description The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS6.6AI score0.00409EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.22 views

Shortcodes Ultimate < 7.1.2 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Add the following shortcode to a post: sulightbox src='123"onmouseover="alert1"'Cli...

5.8AI score0.00441EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.13 views

ElementsKit Elementor addons < 3.1.1 - Contributor+ Local File Inclusion via Onepage Scroll Module

Description The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generatenavigationmarkup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level...

8.8CVSS7.9AI score0.01063EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.16 views

CM Tooltip Glossary < 4.3.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS4.5AI score0.00253EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.17 views

Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open an HTML file containing the following:...

5.5AI score0.00217EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.14 views

WP-Lister Lite for eBay < 3.6.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting

Description The WP-Lister Lite for eBay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.5.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-lev...

5.9CVSS5.9AI score0.00342EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.14 views

FOX – Currency Switcher Professional for WooCommerce < 1.4.1.9 - Unauthenticated Arbitrary Shortcode Execution

Description The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on...

6.5CVSS8AI score0.01032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.15 views

Slider by 10Web – Responsive Image Slider < 1.2.55 - Reflected Cross-Site Scripting

Description The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.5AI score0.00522EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.40 views

Forminator < 1.29.3 - Admin+ SQL Injection

Description The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.29.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...

7.2AI score0.30361EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.14 views

DSGVO Youtube < 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The DSGVO Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.18 views

Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds < 4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user...

6.5CVSS5.9AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.18 views

SP Project & Document Manager <= 4.71 - Data Update via IDOR

Description The plugin is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user PoC 1. Select to upload a file through the plugin 2. Intercept the request: Example: ------WebKitFormBoundaryX4YnPgSA4oPHlNjv...

6.4AI score0.00434EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.9 views

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin < 3.63 - Reflected Cross-Site Scripting

Description The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.62 due to insufficient input sanitization and output escaping. This makes it possible for...

7.1CVSS6.5AI score0.00371EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.14 views

WP-Recall – Registration, Profile, Commerce & More < 16.26.6 - Insecure Direct Object Reference

Description The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 16.26.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS6.7AI score0.00357EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.14 views

Interactive World Maps < 2.5 - Reflected Cross-Site Scripting

Description The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search s parameter in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6.5AI score0.00504EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.10 views

HL Twitter <= 2014.1.18 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Have a logged in admin open an HTML page containing:...

6.3AI score0.00204EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.19 views

WP Prayer <= 2.0.9 - Email Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make a logged in admin open an HTML file containing:...

6.3AI score0.00347EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.15 views

WordPress Simple HTML Sitemap < 2.9 - Reflected Cross-Site Scripting

Description The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.4AI score0.00394EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.26 views

Master Slider < 3.9.7 - Unauthenticated PHP Object Injection

Description The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.9.5 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is...

9.6CVSS7.7AI score0.00492EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.17 views

Language Switcher for Transposh < 1.6.0 - Reflected Cross-Site Scripting

Description The Language Switcher for Transposh plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.5AI score0.00354EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.17 views

Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery < 2.7.7.22 - Authenticated (Author+) Cross-Site Scripting

Description The Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.7.7.21 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.17 views

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) < 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget

Description The Sina Extension for Elementor Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2...

6.4CVSS5.9AI score0.0043EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.18 views

HelloAsso < 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The HelloAsso plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-leve...

6.5CVSS5.9AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.18 views

WP 404 Auto Redirect to Similar Post < 1.0.5 - Reflected Cross-Site Scripting via Debug Mode URI

Description The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URI in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS6.5AI score0.00394EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.28 views

Forminator < 1.15.4 - Reflected Cross-Site Scripting

Description The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.3AI score0.00632EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.13 views

WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks PoC Make and admin open a URL where is any valid prayer ID: https://example.com/wp-admin/admin.php?page=wpemanageprayer=deleteid=...

6.4AI score0.00189EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.14 views

WP Smart Import : Import any XML File to WordPress < 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting

Description The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.8AI score0.00314EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.12 views

month name translation benaceur < 2.3.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...

5.4AI score0.00352EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.12 views

WP Prayer <= 2.0.9 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make a logged in admin open a page containing:...

6.4AI score0.00258EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.19 views

Tutor LMS – eLearning and online course solution < 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutorinstructorlist' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user suppli...

5.4CVSS5.9AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.15 views

BA Book Everything < 1.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.6.9 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.8AI score0.00325EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.11 views

Backend Designer < 1.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Backend Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.3AI score0.00338EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14603